Monika Roopak, Simon Parkinson, Gui Yun Tian, Yachao Ran, Saad Khan, Balasubramaniyan Chandrasekaran
IET Networks, vol. 13 (5-6), pp. 513-527. Journal Article, published 2024-10-08. DOI: 10.1049/ntw2.12134. https://onlinelibrary.wiley.com/doi/10.1049/ntw2.12134
An unsupervised approach for the detection of zero-day distributed denial of service attacks in Internet of Things networks
The authors introduce an unsupervised Intrusion Detection System designed to detect zero-day distributed denial of service (DDoS) attacks in Internet of Things (IoT) networks. This system can identify anomalies without needing prior knowledge or training on attack information. Zero-day attacks exploit previously unknown vulnerabilities, making them hard to detect with traditional deep learning and machine learning systems that require pre-labelled data. Labelling data is also a time-consuming task for security experts. Therefore, unsupervised methods are necessary to detect these new threats. The authors focus on DDoS attacks, which have recently caused significant financial and service disruptions for many organisations. As IoT networks grow, these attacks become more sophisticated and harmful. The proposed approach detects zero-day DDoS attacks by using random projection to reduce data dimensionality and an ensemble model combining K-means, Gaussian mixture model, and one-class SVM with a hard voting technique for classification. The method was evaluated using the CIC-DDoS2019 dataset and achieved an accuracy of 94.55%, outperforming other state-of-the-art unsupervised learning methods.
IET Networks (COMPUTER SCIENCE, INFORMATION SYSTEMS)
CiteScore: 5.00
Self-citation rate: 0.00%
Articles published: 41
Review time: 33 weeks
Journal description:
IET Networks covers the fundamental developments and advancing methodologies to achieve higher performance, optimized and dependable future networks. IET Networks is particularly interested in new ideas and superior solutions to the known and arising technological development bottlenecks at all levels of networking such as topologies, protocols, routing, relaying and resource-allocation for more efficient and more reliable provision of network services. Topics include, but are not limited to: Network Architecture, Design and Planning, Network Protocol, Software, Analysis, Simulation and Experiment, Network Technologies, Applications and Services, Network Security, Operation and Management.